Routers can be buggy. When they are buggy they are a nightmare. What is the brand of your router and are you using the original firmware? If possible I suggest trying with a router which has (for example) Tomato installed. Tomato is not perfect, but is a long way better than the proprietary router firmwares. Note: I'm not suggesting this is the source of your problem, but I've found buggy routers can greatly complicate things.
– Faheem Mitha, Sep 4 '11 at 8:21

I think your use of the term URL above is incorrect. You mean a Fully Qualified Domain Name (FQDN) I assume. What does host my_dyndns_ip show?
– Faheem Mitha, Sep 4 '11 at 8:24

Thanks @Faheem Mitha. I have a Netgear WPN824v3. How can I make sure if it's buggy? And what is Tomato? :)
– hari, Sep 4 '11 at 8:24

4 Answers
4

I am thinking your problem is not in the port forwarding, but another option in the NAT config in the router.

First, ensure that if you use your LAN IP, you can successfully SSH from another machine on the network. This ensures SSH works at all.

Second, test from another machine outside the network using the public IP. This ensures that port forwarding works.

Third, test from that same machine outside the network and use the DynDNS URL. This ensures that DynDNS is working properly.

If all of those succeed, then nothing is wrong with your configuration (which I'll assume is correct) and your problem is only accessing the public IP (either directly or through DynDNS) from inside the network. This means that your router needs to have NAT reflection enabled (if possible) to route internal requests as if they were external requests for the public IP.

Can you set up something to listen on port 22 on another machine and change the port forward rule to point towards the second machine? You need to rule out whether it is something in the router or something on the machine that is blocking it.
– MaQleod, Sep 5 '11 at 19:18
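
The staged test from the answer above, written out as an added shell example that is not part of the original thread. The addresses are constructed placeholders, the function names `probe` and `diagnose` are made up for this sketch, and `probe` assumes `bash` and coreutils `timeout` are installed.

```shell
#!/bin/sh
# Added example (not from the thread). Addresses are constructed placeholders;
# set LAN_IP, PUBLIC_IP, DYNDNS_NAME and PORT for your own network.
LAN_IP=${LAN_IP:-192.168.1.10}
PUBLIC_IP=${PUBLIC_IP:-203.0.113.7}
DYNDNS_NAME=${DYNDNS_NAME:-myhost.example.net}
PORT=${PORT:-22}

# probe HOST PORT: print "ok" if a TCP connection opens and the peer sends an
# SSH banner within 5 seconds, else "fail". Assumes bash and coreutils timeout.
probe() {
    banner=$(timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1" && head -c 4 <&3' \
        "$1" "$2" 2>/dev/null) || banner=""
    if [ "$banner" = "SSH-" ]; then echo ok; else echo fail; fi
}

# diagnose LAN OUT_IP OUT_NAME IN_PUBLIC: each argument is "ok" or "fail".
# The first failing stage, in the answer's order, names the layer to look at.
diagnose() {
    if [ "$1" != ok ]; then
        echo "sshd: SSH fails even on the LAN; check the server itself"
    elif [ "$2" != ok ]; then
        echo "port-forward: public IP unreachable from outside; check the forward rule"
    elif [ "$3" != ok ]; then
        echo "dyndns: public IP works but the DynDNS name does not"
    elif [ "$4" != ok ]; then
        echo "nat-reflection: works from outside only; router needs NAT reflection"
    else
        echo "ok: reachable from every vantage point"
    fi
}

# Usage: run "inside" on a LAN machine, "outside" on a machine off the network,
# then feed the four results to "verdict".
case ${1:-} in
    inside)  echo "lan=$(probe "$LAN_IP" "$PORT") in_public=$(probe "$PUBLIC_IP" "$PORT")" ;;
    outside) echo "out_ip=$(probe "$PUBLIC_IP" "$PORT") out_name=$(probe "$DYNDNS_NAME" "$PORT")" ;;
    verdict) shift; diagnose "$@" ;;
esac
```

Checking for the `SSH-` banner rather than only an open port distinguishes a forward that reaches sshd from one that lands on some other listener.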

If that doesn't work, try forwarding a port above 1024 (some ISPs don't allow non-business subscriber traffic on ports below 1024). Also make sure that if you do this, you change the line in the conf I just told you about to reflect the same value.

Try with tcptraceroute to debug if you can go to the remote port first.
If some machine is blocking the port, you can see it in the output.
Try to use netstat -atun to see the open ports/connections on both machines.